The implementation of the C language library call calloc(), provided as
part of several C libraries, has a buffer overflow that under some
circumstances may be exploitable. Libraries reported to be vulnerable
include: multiple versions of glibc and glibc2, the GNU C++ Compiler,
Microsoft Visual C++ 4.0, Microsoft Visual C++ 6.0, GNU GNAT 3.14 b,
and dietlibc 0.18.

It has been reported that this buffer overflow has been repaired in
the CVS repository of glibc. Users should watch for updates from
their vendor.

Sun's ONE/iPlanet Web Server is reported to be vulnerable to a buffer
overflow in the code that handles "Chunked Encoding." This buffer
overflow may be exploitable by a remote attacker to execute arbitrary
code as root.

An error in the way that FreeBSD handles the calculation of file sizes
in Berkeley Fast File Systems can be used by an attacker to access
arbitrary locations in the file system. This error is exploited by
creating a file too large to be handled by FreeBSD.

It is recommended that users apply the appropriate patch for their
system as soon as possible. A possible workaround for file systems
with 16k blocks is to set the value of RLIMIT_FSIZE to 63MB or less.
This can be done by editing /etc/login.conf and modifying the default
class; this, however, will not protect most systems from all possible
attacks, as it is possible to log in using tools that do not use this
file to set default values.

iSCSI is a protocol that allows SCSI access over IP networks. The
Linux version (Linux-iSCSI) stores its configuration information, in
some installations, in a world-readable file. This can potentially
lead to the exposure of sensitive information. It has been reported
that the Red Hat Linux Limbo Beta shipped with the configuration file
world-readable.

The permissions of the file /etc/iscsi.conf should be restricted so
that only root can read from or write to the file. Red Hat has announced that
they will fix the permissions of the configuration file in the next
release.
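
The permission check and fix described above, as an added example (not
code from Red Hat or the Linux-iSCSI project). It assumes GNU stat on
Linux; the function names are hypothetical and the demo runs on a
constructed temporary file rather than the real /etc/iscsi.conf.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes GNU stat (Linux).
# Function names are hypothetical.

# audit_conf_perms FILE [UID]
# Returns 0 if FILE is a regular file owned by UID (default 0, root) with no
# group/other permission bits; 1 if it is too permissive or has the wrong
# owner; 2 if it is missing, a symlink, or not a regular file.
audit_conf_perms() {
    f=$1
    want_uid=${2:-0}
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "SKIP  $f: not a regular file" >&2
        return 2
    fi
    mode=$(stat -c '%a' -- "$f") || return 2
    uid=$(stat -c '%u' -- "$f") || return 2
    rc=0
    # Any bit in 077 means group or other can read, write or execute.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL  $f: mode $mode grants group/other access" >&2
        rc=1
    fi
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL  $f: owned by uid $uid, expected $want_uid" >&2
        rc=1
    fi
    return $rc
}

# harden_conf_perms FILE: owner read/write only; chown to root when possible.
harden_conf_perms() {
    chmod 600 -- "$1" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root -- "$1"
    fi
}

# Demo on a constructed file standing in for /etc/iscsi.conf.
demo=$(mktemp)
chmod 644 "$demo"                       # world-readable, as reported
audit_conf_perms "$demo" "$(id -u)" || echo "before: needs fixing"
harden_conf_perms "$demo"
audit_conf_perms "$demo" "$(id -u)" && echo "after: owner-only"
rm -f "$demo"
```

On a real system, run the audit as root against /etc/iscsi.conf with the
default expected owner of uid 0.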

dietlibc, a small version of the libc library, is vulnerable to an
integer overflow that can be used by an attacker to execute arbitrary
code. If a set-user-ID root application is linked against this
library, a successful exploit could lead to a root compromise.

Affected users should upgrade to a repaired version as soon as
possible. Debian has announced that dietlibc version 0.12-2.2 has
been released for Debian stable woody and version 0.20-0cvs20020806
for Debian unstable.

The OpenAFS distributed file system is vulnerable to an
integer-overflow-based attack that can be exploited by a remote attacker to
execute arbitrary code on the server with the permissions of the user
running OpenAFS (normally root). The integer overflow vulnerability
is in the volserver, vlserver, ptserver, and buserver daemons.
Versions of OpenAFS affected include: 1.0.x, 1.1.x, 1.2.x (up to and
including OpenAFS 1.2.5), and 1.3.x (up to and including OpenAFS 1.3.2).

Users should upgrade to OpenAFS version 1.2.6 or newer as soon as
possible or apply an available patch to their stable version of
OpenAFS. No patch or update has been released for the
OpenAFS-unstable series.

The RPC library used by the Kerberos 5 administration system is
vulnerable to an integer overflow that can be exploited by an attacker
to gain root access to the server. It has been reported that the
attacker must be able to authenticate to the server before exploiting
the overflow.

Users should watch their vendor for updated packages. Debian has
released new packages that fix this problem for both the stable and
unstable versions.

SGI has released new BIND packages for IRIX. SGI distributes BIND
with IRIX 6.5, but it is not installed by default.

Users who have BIND installed on their systems should upgrade to the
new package, which installs version 4.9.8 patch level 1 in a chroot
jail, or should upgrade to IRIX 6.5.18 when it becomes available.